The bill would amend the Business and Commerce Code relating to a business’s duty to protect personal information in customer records.  The bill would require businesses to encrypt any sensitive information that a business maintains in electronic files, and would authorize a person harmed by a breach of a business system security to bring a private cause of action against the business for damages.  According to the Office of Attorney General, the bill would not likely result in new cases for the consumer protection, public health, or financial litigation divisions.   To the extent the bill would amend court procedures relating to litigation of consumer protection, public health or financial cases, no significant fiscal implication to the State is anticipated.  The bill would take effect September 1, 2007.